Please find, linked here, a VERY preliminary draft of the “Model” component of my “MVC Approach Based Cyber Security Framework” (informally and with tongue firmly in cheek titled “#NISTCSF-BSIDES” as well).

Everyone, I’ve been working on these ideas for a very long time, but I have not yet had time to write up the possible 50 pages of the justifications, explanations, and experience which has driven this or the many ways it provides specific values and solves specific real world problems I’ve encountered.

But, in the interest of time – and to keep perfection from getting in the way of good – I thought it was worth throwing out to you all to see what you think without all of that supporting material. It’s worth noting that I’m intending here to provide a base model for a complete framework and that there are at least two levels (equivalent coding concepts of controllers and views) that should be based on this that would actually be what end-users of the framework see and use.

Frankly, I’m almost relieved to finally have something this coherent on paper, even if it might never be finished. I hope it ends up being useful, though. I only ask that if you find it so, please engage me so that (at least) I can convey much of the other support concepts that are not yet represented.

[…] If this seems simple, I’ll grant that. There are YEARS of thought and experience going into distilling a complex topic into what is essentially just 5 boxes. But, if that seems obvious or innocuous, I’ll disagree. There are *many* layers of complexity supporting this model, why it’s framed this way and not another, and (more importantly) still more layers of complexity that this model **will enable** through its simplicity. You can find the older draft HERE […]